Risk Analyst - Information Security, Moodle - US (Remote)

United States - Remote


Moodle with us!

We're the world's most popular learning platform and we’re on a mission to empower educators to improve our world.

Find out about your new workplace...

Moodle is the world’s most trusted online learning solution. The engine of our ecosystem is Moodle LMS, the secure and customizable open source learning management platform used by over 250 million learners worldwide. Developed in conjunction with our community, Moodle LMS is complemented by an ecosystem of products including Moodle Workplace and a network of partners and services providing hosting, customizations and support. We also teach and support educators to create effective online learning experiences and share open education resources. Collectively, we empower educators to improve our world.

Moodle provides services in learning design, implementation support, training, hosting, custom development, and support for Moodle LMS, Moodle Workplace, as well as other Moodle products.

We’ve built a passionate team of hard-working and driven people from all over the world, united by a shared belief in the ability of our platform to make a positive difference to our world. We respect our colleagues and value an open and innovative workplace, filled with integrity and of course a strong focus on education (yes, these are our company values!)

Find out more about us on our website.

What your new role can look like…

The Risk Analyst's main function is to work within the Information Security department and serve as an analyst on quantitative risk assessment, threat and vulnerability assessment practices, compliance management and audit management functions. The individual will support the company’s Information Security Governance, Risk, and Compliance program.

Please note, as this role will be deeply involved in our FedRAMP certification process, the individual hired must be a US person (citizen or legal permanent resident). Additional responsibilities involving global projects will require availability to meet with global stakeholders during alternative time zone working hours.

With the pace of Moodle, no two days will ever be the same! You will...

  • Continuously monitor the security, risk and compliance industry to remain current in frameworks, risk management practices and solutions for the Information Security Department.
  • Continuously monitor, audit, evaluate and improve the technical controls under administration by this position.
  • Establish performance indexes (KPI, OKR, KRI, etc.) and other risk metrics for quantitative measurement.
  • Assist in the continuous assessment and improvement of all department policies, processes and procedures.
  • Administer and be the Subject Matter Expert on the technologies under administration by this position.
  • Help develop and maintain risk and security compliance programs for the global organization, including SOC 2, FedRAMP, ISO 2700, TPRM, and VM. This involves policy, process and technologies, and ensuring continuous compliance of active certifications.
  • Support the department’s audit and compliance activities to maintain active certifications, or achieve future certification objectives.  
  • Help develop and maintain the company’s Cyber Risk Management Program serving to identify and mitigate cyber risk to the organization within the Risk Tolerance and Risk Appetite Statements.
  • Routinely interface with adjacent department stakeholders and leaders for the accuracy of all risks identified within the Risk Management Program.
  • Help inform and improve the Vendor Risk Management Program.
  • Develop processes for continuous improvement of controls under administration by this position.
  • Establish and manage vendor relationships for the technologies under administration by this position.

Requirements

This position embodies and promotes the department’s mission, goals and values:

Mission:

  • To reduce the probability of material impact due to a cyber event

Goals:

  • Support: Support the company strategy and objectives
  • Protect: Protect the critical assets including reputation 
  • Comply: Comply with laws, regulations and industry standards 
  • Enable: Enhance company competitive position by securely supporting and enabling new products / services 
  • Educate: Effectively promote information security education 

Values

  • Honesty
  • Integrity
  • Accountability
  • Collaboration
  • Continuous Improvement

We’d love to hear from you, especially if you can talk to us about your:

  • Bachelor's Degree in a related field of study.
  • Competency and proficiency in the CIS CSC and NIST CSF security frameworks.
  • Competency and proficiency in the FAIR risk framework.
  • Proficiency and capability in project management practices.
  • Embody and promote the department’s mission, goals and values.
  • Experience managing SOC 2 recertification processes.

You’ll sweep us off our feet if you have:

  • CompTIA A+
  • CompTIA Security+
  • FAIR Analyst
  • CRISC
  • CRM

Benefits

What's in it for you?

We’ve already talked about the importance we place on achieving our mission to empower educators to improve our world, our passion for our values and some of the cool things we are doing as a company.

So what about this?!

  • Fully remote opportunity, working from home or wherever suits you
  • Flexible work schedule
  • Supportive, passionate, and fun team
  • Culture that fosters personal growth and development
  • Salary range of $55,000 - $62,000 per year, depending on experience and education
  • Plus, we’ll provide you with a benefits package, including health insurance coverage, employer 401(k) contribution, paid time off, group term life, and much more. Find out more on our Careers page.

Moodle US is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind: Moodle US is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Moodle US are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Moodle will not tolerate discrimination or harassment based on any of these characteristics. Moodle encourages applicants of all ages.


Tags: Compliance CompTIA CRISC FedRAMP Governance NIST OKR Open Source Risk assessment Risk management SOC SOC 2 Strategy

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Health care Team events

Regions: Remote/Anywhere North America
Country: United States
